AMENDMENTS TO THE CLAIMS:

1. (Currently Amended) A method of providing a Certificate Status Service ("CSS") for checking validities of authentication certificates issued by respective issuing Certification Authorities ("CAs"), comprising the steps of:

receiving one or more certificate status queries from requesting entities;

if the issuing CAs are not found on a CSS's list of approved CAs or the certificates have expired, returning invalid statuses for those certificates;

if the current statuses are found in the CSS's status cache, returning those certificates' statuses;

if any status has not yet been determined, [[identifying]] fetching all certificate status reporting methods and communications information from a configuration store of the CSS that are needed for retrieving a status of each [[an authentication]] certificate whose status has not yet been determined from [[a]] the respective issuing CAs [[CA that issued the authentication certificate]];

configuring [[a connector]] connectors based on the identified information for communicating with the issuing [[CA]] CAs;

communicating with the issuing [[CA]] CAs according to the configured [[connector when the status of the authentication certificate is queried; and]] connectors;

retrieving the status of [[the]] all queried [[authentication certificate]] certificates;



- 17- 



Attorney's Docket No. 1003670-000104.001 
Application No. 10/620,817 
Page 18 

processing the certificate statuses according to an appropriate certificate status reporting method that may include, but is not limited to, Certificate Revocation Lists (CRLs) that are retrieved at specified publication intervals, Delta Certificate Revocation Lists (ΔCRLs) that are retrieved upon notification, LDAP, OCSP, and any other certificate status means that are queried and retrieved using real-time protocols;

recording retrieved certificate statuses in the CSS's cache memory;

returning the retrieved certificate statuses to the requesting entities;

wherein the issuing [[CA]] CAs and [[the]] connector parameters are designated on a list of approved CAs in [[a]] the configuration store that enable the CSS to interwork with any CAs and CA domains even though they can operate using dissimilar certificate practices and policies.

2. (Currently Amended) The method of claim 1, wherein a certificate is deemed to have expired if a local date and time are [[checked for whether they fall within a]] outside a validity period as indicated in the [[authentication]] certificate [[and an invalid status is reported if the local date and time fall outside the validity period]].

3. (Currently Amended) The method of claim [[1]] 2, wherein the issuing CA is [[included in the]] added to at least one organization's list of approved CAs by vetting and approving the issuing CA according to predetermined business rules, wherein the business rules include at least one rule for reviewing the acceptability of the CA's certificate policy and practices for insuring the identity of the entity requesting the certificate, and if the issuing CA is vetted and not approved or later disapproved, the issuing CA is [[designated on a]] added to the organization's list of not-approved CAs in the configuration store and/or has any prior entry removed from the organization's list of approved CAs.

4. (Currently Amended) The method of claim 3, wherein vetting and approving the issuing CA [[includes]] include registering a representation of a [[the]] CA's trusted authentication certificate of the CA with the CSS and adding [[at least the representation]], at least a status reporting component of the CA, the certificate status reporting method including, but not limited to, CRL, OCSP, LDAP, and a time-to-live data element and communication information needed to configure a connector to the CSS's configuration store [[to a local cache memory, and a connector is configured for retrieving the added status when the status of the trusted authentication certificate is queried]].

5. (Currently Amended) The method of claim [[2]] 4, further comprising the steps of:

checking and updating a local cache memory for the certificate status, and if the status is found in the local cache memory [[and]], checking that the local date and time are within the certificate's validity period [[, retrieving the status from the local cache memory, or if]] and that the time-to-live data element [[or]] and use-counter values are within a threshold;

if any of the validity period, time-to-live data element, or use-counter values are unacceptable, [[is exceeded]] clearing the local cache memory [[entry]], wherein if the status is not found in the local cache memory, the CSS establishes a communication session with [[a]] the certificate status reporting component of the issuing CA, composes a certificate status request using one of the CRL or real-time reporting methods according to the configured connector, retrieves the status from the certificate status reporting component, closes the communication session with the certificate status reporting component, and adds at least one of the [[authentication]] certificate's identification, status, use-counter, and time-to-live data element to the local cache memory.

6. (Currently Amended) The method of claim 1, wherein the certificate status reporting method is indicated [[by]] to be a CRL [[Certificate Revocation List (CRL)]], according to a publication schedule of the issuing CA, wherein the CSS retrieves the CRL from a certificate status reporting component listed in the configuration store, the CSS clears [[a]] the cache memory associated with the issuing CA, and the CSS [[determines]] extracts the status of [[the]] all authentication [[certificate]] certificates from the CRL and stores the [[status]] statuses in the cache memory associated with the issuing CA.

7. (Currently Amended) The method of claim 1, wherein the certificate status reporting method is indicated [[by]] to be a ΔCRL [[Delta Certificate Revocation List ("ΔCRL");]], wherein upon notification by the issuing CA that [[a]] the ΔCRL is available, the CSS retrieves the ΔCRL from a certificate status reporting component listed in the configuration store[[;]] and if the ΔCRL is a [[complete]] full CRL, then the CSS clears [[a]] the cache memory associated with the issuing CA, [[determines the status]] extracts all certificate statuses from the CRL, and stores the [[status]] statuses in the cache memory[[;]], and if the ΔCRL contains only changes occurring after publication of a full CRL, the CSS [[determines the status]] extracts all certificate statuses from the ΔCRL, and stores the [[status]] statuses in the cache memory.
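Claims 6 and 7 describe how a full CRL and a delta CRL (ΔCRL) update the CSS cache memory for one issuing CA. The following is an added Python example, not code from the application; the RevocationList fields (issuer, serials, is_delta, number, base_number), the use of a CRL number to match a delta to its base, and the constructed sample lists are assumptions rather than parsed X.509 structures.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class RevocationList:
    """Simplified CRL / delta-CRL record (constructed; not a parsed X.509 CRL)."""
    issuer: str
    serials: FrozenSet[str]            # serial numbers the list reports as revoked
    is_delta: bool                     # True: only changes since the base CRL
    number: int                        # CRL number of this list
    base_number: Optional[int] = None  # for a delta: CRL number of the base CRL


class CssCrlCache:
    def __init__(self) -> None:
        # per issuer: serial -> "revoked", plus the CRL number of the base CRL held
        self._revoked: Dict[str, Dict[str, str]] = {}
        self._base_number: Dict[str, int] = {}

    def apply_full_crl(self, crl: RevocationList) -> None:
        """Claim 6: a full CRL clears the cache memory for the issuing CA, and the
        statuses of all certificates on the list are extracted and stored."""
        self._revoked[crl.issuer] = {s: "revoked" for s in crl.serials}
        self._base_number[crl.issuer] = crl.number

    def apply_delta_crl(self, dcrl: RevocationList) -> None:
        """Claim 7: a ΔCRL that is really a full CRL is handled as in claim 6; a
        ΔCRL carrying only changes since the full CRL is merged into the cache."""
        if not dcrl.is_delta:
            self.apply_full_crl(dcrl)
            return
        if self._base_number.get(dcrl.issuer) != dcrl.base_number:
            # The delta does not apply to the base CRL we hold: refuse rather than
            # merge onto the wrong base (the full CRL must be retrieved first).
            raise ValueError("ΔCRL base %r does not match cached CRL" % dcrl.base_number)
        self._revoked[dcrl.issuer].update({s: "revoked" for s in dcrl.serials})

    def status(self, issuer: str, serial: str) -> Optional[str]:
        """Claim 11: with a current CRL held and the serial absent from it, the
        status is reported as valid; None means no CRL has been retrieved yet."""
        if issuer not in self._base_number:
            return None
        return self._revoked[issuer].get(serial, "valid")
```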

8. (Currently Amended) The method of claim 1, wherein the communicating step includes communicating according to a [[sequence]] plurality of connectors to multiple CAs and PKIs.

9. (Currently Amended) The method of claim 1, wherein [[a]] the connector [[embeds]] allows more than one certificate status [[check]] request to be chained together in a single communicating step.

10. (Currently Amended) The method of claim 1, wherein the [[authentication certificate]] certificates are [[is]] held in the configuration store until expiration and information are extracted as needed [[not used for identification]].
11. (Currently Amended) [[A]] The method of claim 1, wherein the retrieving [[a]] of the status of [[an authentication]] the certificate issued by [[an]] the [[issuing]] approved CA [[Certification Authority ("CA")]] in response to a query from a trusted third-party repository of information objects to the CSS [[a Certificate Status Service ("CSS")]] to validate the authentication certificate's status[[, comprising]] comprises the steps of:

locating and reporting the status if the status is present and current in [[a]] the cache memory of the CSS;

[[otherwise]] if the status is not present in the cache memory, performing the steps of:

obtaining [[a]] the communications information, status type, and retrieval method from [[a]] the CSS configuration store;

if the status type is CRL [[Certificate Revocation List ("CRL")]] and the CRL in the cache memory is current, [[and the last retrieved CRL is current,]] but the status is not found in the cache memory, then reporting the status as valid;

if the CRL is not current or found in the cache memory [[if the status type is not CRL]] and local time is greater than a next scheduled publication time for the CRL or the status type is not CRL, creating a connector and [[then]] composing a certificate status request according to the status type;

establishing a communication session with [[the issuing CA]] a status reporting component of the issuing CA;

retrieving the status from [[a]] the CA's status reporting component [[of the issuing CA]] using the obtained retrieval method and ending the communication session;

interpreting the retrieved status;

associating, with the interpreted retrieved status, a time-to-live value representing a period specified by [[a]] the respective CSS policy for the status type;

adding at least one of the [[authentication]] certificate's identification, status[[,]] and time-to-live values to the cache memory; and

reporting the status to the trusted third-party repository of information objects [[in response to the query]].

12. (Cancelled) 

13. (Cancelled) 

14. (Cancelled) 

15. (Currently Amended) [[A]] The [[Certificate Status Service ("CSS")]] method of claim 1 for providing [[accurate and timely]] certificate status [[indications of]] reports for authentication certificates issued by the approved CAs [[issuing Certification Authorities ("CAs")]], further comprising:

[[providing a]] reporting valid certificate status when the status type is CRL, the CRL is current, [[status of an authentication certificate as]] and the status is not found in the cache memory; [[indicated by a Certificate Revocation List ("CRL") when the certificate's issuing CA uses CRLs for indicating status;]]

[[otherwise, providing the]] reporting the status when status is found in the [[indicated by a]] cache memory [[when the cache memory includes a status and a]] and the time-to-live and use-counter data element values have [[is]] not exceeded respective thresholds;

if either the time-to-live or use-counter [[data element]] values have exceeded the threshold [[is exceeded]], clearing the status from the cache memory;

if the certificate status has not been reported in a previous step, then requesting and retrieving the status using the status type indicated in the configuration store;

when the status type is CRL, retrieving and parsing the new CRL at a next indicated publication time;

when the status type is at least one of the type LDAP, OCSP, and any other [[a]] real-time certificate status reporting protocol, retrieving and parsing [[when]] the status [[is not in the cache memory]];

adding at least one of the certificate's identification, status, [[and]] time-to-live and use-counter values to the cache memory; and

[[providing]] reporting the retrieved status to the requesting entity.

16. (Currently Amended) The CSS of claim 15, wherein a status use-counter data element is added to the cache memory, wherein [[;]] the status use-counter data element is incremented or decremented every time the certificate's status is checked[[;]] and if the status use-counter data element passes a threshold, then the status is [[provided]] reported and the cache memory is cleared with respect to the status.

17. (Currently Amended) The CSS of claim 16, wherein a status last-accessed data element is added to the cache memory, and the status last-accessed data element in conjunction with the status use-counter data element enable the CSS to determine an [[determination of an]] activity level of the certificate's status.

18. (Currently Amended) The CSS of claim 17, wherein when a request is made to the CSS to retrieve a status of a new certificate and the cache memory has reached an allocated [[buffer]] memory size limit, the CSS searches the cache memory for [[a]] every certificate status entry where the current time exceeds the time-to-live data element value, for every certificate status entry where the value of the use-counter data element exceeds the threshold, and for the at least one certificate status entry with the oldest [[exceeds the current local time or a]] last-accessed value, wherein [[data element indicating an oldest date and]] the CSS then clears the respective cache memory [[entry;]] entries, and [[the CSS]] then retrieves the requested certificate status, places [[it]] the certificate status in the cache memory, and [[provides]] reports the requested certificate status to the requesting entity.
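The cache handling of claims 5 and 15 through 18 (validity period, time-to-live, use-counter, last-accessed data element, and clearing entries when the cache has reached its size limit), as an added Python example that is not code from the application; the Entry fields, the threshold and size-limit values, the caller-supplied fetch function standing in for the configured connector, and the constructed sample data (T0, at, sample_entry) are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional


@dataclass
class Entry:
    status: str                        # "valid" or "revoked", as retrieved from the CA
    not_before: datetime               # certificate validity period (claim 2)
    not_after: datetime
    ttl_expires: datetime              # time-to-live set per CSS policy (claim 11)
    use_counter: int = 0               # incremented on every check (claim 16)
    last_accessed: Optional[datetime] = None   # activity level (claim 17)


class CssCache:
    def __init__(self, use_threshold: int, size_limit: int) -> None:
        self.use_threshold = use_threshold   # assumed CSS policy values
        self.size_limit = size_limit
        self.entries: Dict[str, Entry] = {}

    def lookup(self, cert_id: str, now: datetime) -> Optional[str]:
        """Claims 5 and 15: report the cached status only while the local time is
        within the validity period and TTL/use-counter are within threshold.
        Returns "invalid" for an expired certificate, None if the CA must be asked."""
        e = self.entries.get(cert_id)
        if e is None:
            return None
        if not (e.not_before <= now <= e.not_after):
            del self.entries[cert_id]          # claims 1 and 2: expired -> invalid
            return "invalid"
        if now > e.ttl_expires:
            del self.entries[cert_id]          # TTL exceeded: clear, then re-fetch
            return None
        e.use_counter += 1
        e.last_accessed = now
        if e.use_counter > self.use_threshold:
            del self.entries[cert_id]          # claim 16: report once, then clear
        return e.status

    def evict(self, now: datetime) -> List[str]:
        """Claim 18: at the size limit, clear TTL-expired entries, entries over the
        use-counter threshold, and the entry with the oldest last-accessed time."""
        victims = [k for k, e in self.entries.items()
                   if now > e.ttl_expires or e.use_counter > self.use_threshold]
        for k in victims:
            del self.entries[k]
        if self.entries:
            oldest = min(self.entries, key=lambda k: self.entries[k].last_accessed)
            del self.entries[oldest]
            victims.append(oldest)
        return victims

    def get_status(self, cert_id: str, now: datetime,
                   fetch: Callable[[str], Entry]) -> str:
        """Cache first; otherwise make room and retrieve from the CA's status
        reporting component (here a caller-supplied function)."""
        cached = self.lookup(cert_id, now)
        if cached is not None:
            return cached
        if len(self.entries) >= self.size_limit:
            self.evict(now)
        e = fetch(cert_id)
        if not (e.not_before <= now <= e.not_after):
            return "invalid"                   # expired certificates are not cached
        e.last_accessed = now
        self.entries[cert_id] = e
        return e.status


# Constructed sample data for trying the cache out.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)


def at(minutes: int) -> datetime:
    """Local time `minutes` after T0."""
    return T0 + timedelta(minutes=minutes)


def sample_entry(status: str, ttl_minutes: int, days_valid: int = 30,
                 accessed_at: int = 0) -> Entry:
    """An entry for a certificate valid from T0 minus one day until T0 + days_valid."""
    return Entry(status, T0 - timedelta(days=1), T0 + timedelta(days=days_valid),
                 at(ttl_minutes), 0, at(accessed_at))
```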
19. (Withdrawn) A method of executing a transaction between a first party and a second party by transferring control of an authenticated information object having a verifiable evidence trail, comprising the steps of:

retrieving an authenticated information object from a trusted third-party repository of information objects, wherein the authenticated information object includes a first digital signature block comprising a digital signature of a submitting party and a first authentication certificate relating at least an identity and a cryptographic key to the submitting party, a date and time indicator, and a second digital signature block comprising a second digital signature of the trusted third-party repository of information objects and a second authentication certificate relating at least an identity and a cryptographic key to the trusted third-party repository of information objects; the first digital signature block was validated by the trusted third-party repository of information objects; and the authenticated information object is stored as an electronic authoritative copy information object under the control of the trusted third-party repository of information objects;

executing the retrieved authenticated information object by the second party by including in the retrieved authenticated information object a third digital signature block comprising at least a third digital signature and a third authentication certificate of the second party; and

forwarding the executed retrieved authenticated information object to a trusted third-party repository of information objects, wherein the trusted third-party repository of information objects verifies digital signatures and validates authentication certificates associated with the digital signatures included in information objects by at least retrieving status of the authentication certificates from a Certificate Status Service ("CSS") provided according to claim 1; the trusted third-party repository of information objects rejects a digital signature block if the respective digital signature is not verified or the status of the respective authentication certificate is expired or is revoked; and if at least one signature block in the information object is not rejected, the trusted third-party repository of information objects appends the trusted third-party repository's digital signature block and a date and time indicator to the information object and takes control of the object on behalf of the first party.

20. (Withdrawn) The method of claim 19, wherein a signature block 
includes at least one hash of at least a portion of the information object in 
which the signature block is included, the at least one hash is encrypted by 
the cryptographic key of the block's respective signer, thereby forming the 
signer's digital signature, and the signer's digital signature is included in the 
signature block with the signer's authentication certificate. 

21 . (Withdrawn) The method of claim 20, wherein the executing 
step includes displaying a local date and time to the second party, affirming, 
by the second party, that the displayed local date and time are correct, and 
correcting the local date and time if either is incorrect. 

22. (Withdrawn) The method of claim 19, wherein if the trusted 
third-party repository of information objects rejects a digital signature block, 
the trusted third-party repository of information objects requests a remedy that 
requires the digital signature to be recomputed and the signature block to be 
reforwarded. 

23. (Withdrawn) The method of claim 19, wherein the trusted third- 
party repository of information objects checks the local date and time for 
accuracy and that they are within a validity period indicated by the second 
party's authentication certificate. 

24. (Withdrawn) The method of claim 23, wherein if the local date 
and time are not within the validity period indicated by the second party's 
authentication certificate, the trusted third-party repository of information 
objects notifies the second party that the authentication certificate is rejected 
and the first party that the transaction is incomplete. 

25. (Withdrawn) The method of claim 19, wherein one or more 
digitized handwritten signatures are included in the information object, and 
placement of the digitized handwritten signatures in a data structure is 
specified by at least one signature tag. 

26. (Withdrawn) The method of claim 19, wherein placement of one 
or more signature blocks in a data structure is specified by at least one 
signature tag. 
27. (Withdrawn) The method of claim 26, wherein one or more 
signature blocks are separately forwarded to the trusted third-party repository 
of information objects with respective signature tags, and the trusted third- 
party repository of information objects validates the signature blocks by: 

rejecting a signature block if either the respective digital signature is not 
verified or the respective authentication certificate is not validated, and 

placing the signature block according to the respective signature tag if 
the signature block is not rejected, 

wherein, to signature blocks sent separately, the trusted third-party 
repository of information objects adds a date and time indication to each 
signature block and appends according to business rules the trusted third- 
party repository's signature block in a wrapper that encompasses the 
information object and placed signature blocks. 

28. (Withdrawn) The method of claim 27, wherein the trusted third-party repository of information objects verifies a digital signature and validates an authentication certificate in a signature block by:

determining from the business rules whether a party associated with the authentication certificate has authority,

verifying the party's digital signature,

checking that the authentication certificate's validity period overlaps the trusted third-party repository's current date and time,

checking that the local date and time falls within an allowable deviation from the trusted third-party repository's current date and time, and

retrieving status of the authentication certificate from the CSS, and if any of the preceding steps results in an invalid or false output, the digital signature is deemed invalid and the transaction is not executed; otherwise the digital signature is deemed valid and the transaction is executed.

29. (Withdrawn) The method of claim 19, wherein the CSS provides authentication certificate status to the trusted third-party repository of information objects by at least the steps of checking a local cache memory for the status, and if the status is found in the local cache memory and the local date and time are within the validity period, retrieving the status from the local cache memory; or if the time-to-live or use-counter threshold is exceeded, clearing the cache memory entry, wherein if the status is not found in the local cache memory, the CSS establishes a communication session with a certificate status reporting component of the issuing CA, composes a certificate status request, retrieves the status from the certificate status reporting component, closes the communication session with the certificate status reporting component, and adds at least the authentication certificate's identification, status, and a time-to-live data element to the local cache memory.

30. (Withdrawn) The method of claim 19, wherein the first party is a first trusted third-party repository of information objects and the transaction is for transferring custody of one or more authoritative copies to the first trusted third-party repository of information objects from a second trusted third-party repository of information objects, an owner of the transaction provides the second trusted third-party repository of information objects with a manifest that identifies authoritative copies to be transferred to the first trusted third-party repository of information objects, the second trusted third-party repository of information objects establishes communication with the first trusted third-party repository of information objects and identifies the purpose of its actions, the manifest is communicated to the first trusted third-party repository of information objects so that it is able to determine when the transfer of custody has been completed, the second trusted third-party repository of information objects transfers each identified authoritative copy to the first trusted third-party repository of information objects, the first trusted third-party repository of information objects retrieves status of the second trusted third-party repository's certificate and verifies the second trusted third-party repository's digital signature on each transferred authoritative copy, if any of the second trusted third-party repository's digital signatures or certificates are invalid, then the first trusted third-party repository of information objects notifies the second trusted third-party repository of information objects and seeks a remedy, if the second trusted third-party repository of information objects does not provide a remedy, the first trusted third-party repository of information objects notifies the transaction owner that the requested transfer of custody has failed, otherwise the second trusted third-party repository of information objects creates a new wrapper for each successfully transferred information object, adding a date-time stamp and the first trusted third-party repository's signature block.
31. (Withdrawn) The method of claim 30, wherein the transaction is 
a transfer of ownership in response to an instruction, transfer of ownership 
documentation is placed in either the first trusted third-party repository of 
information objects or the second trusted third-party repository of information 
objects, the trusted third-party repository of information objects having the 
transfer of ownership documentation validates authenticity of the transfer of 
ownership documentation by verifying all digital signatures, certificate validity 
periods, and using the CSS to check certificate status of all authentication 
certificates included in the transfer of ownership documentation, appends a 
date and time indication, and digitally signs, wraps and stores the transfer of 
ownership documentation, which are added to the manifest. 

32. (Withdrawn) The method of claim 19, wherein certificate status 
is indicated to the CSS by a Certificate Revocation List ("CRL"), according to 
a publication schedule of the issuing CA, the CSS retrieves the CRL from a 
certificate status reporting component listed in the configuration store, the 
CSS clears a cache memory associated with the issuing CA, and the CSS 
determines the status of the authentication certificate from the CRL and stores 
the status in the cache memory associated with the issuing CA. 

33. (Withdrawn) The method of claim 19, wherein certificate status is indicated to the CSS by a Delta Certificate Revocation List ("ΔCRL"); upon notification by the issuing CA that a ΔCRL is available, the CSS retrieves the ΔCRL from a certificate status reporting component listed in the configuration store; if the ΔCRL is a complete CRL, then the CSS clears a cache memory associated with the issuing CA, determines the status from the CRL, and stores the status in the cache memory; and if the ΔCRL contains only changes occurring after publication of a full CRL, the CSS determines the status from the ΔCRL, and stores the status in the cache memory.

34. (Currently Amended) The method of claim [[5]] 18, wherein a background [[low priority garbage collection utility]] cleanup process removes all stale cache entries as required when new CRLs or ΔCRLs are retrieved, one of the thresholds is exceeded, or freeing up of cache is required[[, where the time-to-live data element exceeds current local time and/or may initiate a status update if established is CSS policy]].

35. (Currently Amended) The method of claim 1, [[whereby]] wherein any one CSS[[,]] can query any other CSS for the certificate status if that CSS is designated in the configuration store as an approved certificate status reporting component for the issuing CA. [[primary, retrieves certificate status from a CA, PKI, or certificate status server and any other CSS, designated secondary, queries the primary CSS for certificate status.]]